Hi.. i know this question might have be posted a few times, but appears no one has pointed out what the solution to this could be....

my nis server/client works fine..using autofs to mount user home directories as well..but running yppasswd doesnt seem to work on the client at all - it will say changed passwd successful..but it still ends up reading off the local passwd file - original passwd?? but if i login to that user acct on server...it logins using the new passwd i have set from the nis client?


I have both ypserv,ypbind and yppasswd running on server, and only ypbind running on client binding to the correct server.

***PLEASE NOTE: constant refused connection shows even i login as as user, after i login as user...

Sep 24 22:16:48 Fedora ypserv[1674]: refused connect from 192.168.1.5:32771 to procedure yp proc_match (NISMASTER,shadow.byname;-1)
Sep 24 22:16:48 Fedora ypserv[1674]: refused connect from 192.168.1.5:32771 to procedure yp proc_match (NISMASTER,shadow.byname;-1)

I believe the problem is likely to be here but i just dun know which part of the setup went wrong...

These are the logs from /var/log/messages:

Sep 24 22:16:46 Fedora rpc.mountd: authenticated mount request from vmclient1:748 for /home /mattcurrie (/home)
Sep 24 22:16:48 Fedora ypserv[1674]: refused connect from 192.168.1.5:32771 to procedure yp proc_match (NISMASTER,shadow.byname;-1)
Sep 24 22:16:48 Fedora ypserv[1674]: refused connect from 192.168.1.5:32771 to procedure yp proc_match (NISMASTER,shadow.byname;-1)
Sep 24 22:16:53 Fedora rpc.mountd: authenticated mount request from vmclient1:875 for /home /elaine (/home)
Sep 24 22:17:01 Fedora ypserv[1674]: refused connect from 127.0.0.1:926 to procedure ypproc _domain (NISMASTER,;0)
Sep 24 22:17:21 Fedora ypserv[1674]: refused connect from 127.0.0.1:926 to procedure ypproc _domain (NISMASTER,;0)
Sep 24 22:17:33 Fedora rpc.yppasswdd[2002]: update mattcurrie (uid=503) from host 192.168.1 .5 successful.
Sep 24 22:17:34 Fedora ypserv[1674]: refused connect from 127.0.0.1:658 to procedure ypproc _clear (,;0)
Sep 24 22:17:41 Fedora ypserv[1674]: refused connect from 127.0.0.1:926 to procedure ypproc _domain (NISMASTER,;0)
Sep 24 22:17:55 Fedora rpc.mountd: authenticated unmount request from vmclient1:633 for /ho me/elaine (/home)
Sep 24 22:17:55 Fedora rpc.mountd: authenticated unmount request from vmclient1:634 for /ho me/fireice (/home)
Sep 24 22:18:01 Fedora ypserv[1674]: refused connect from 127.0.0.1:926 to procedure ypproc _domain (NISMASTER,;0)
Sep 24 22:18:41 Fedora last message repeated 2 times

Here's the /etc/nsswitch file on the server:

passwd: files nis
shadow: files nis
group: files nis

#hosts: db files nisplus nis dns
hosts: files nis dns

# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files

netgroup: files

#publickey: nisplus

automount: files
#aliases: files nisplus
aliases: files

The yppasswd obviously did update to the server's passwd file..but somehow client unable to see the updated version of it??

Someone pls help me solve this one... thanks!

On the server, rebuild the db with ypinit, then restart the ypserv service. And also maybe restat the ypbind service on the client.

Hope that helps.

~Steve

I hardly think changing your password should necessitate running ypinit on the server and restarting ypbind on the client as suggested above. In any case, the howto explicitly says DON'T use ypinit to propagate changes on the server's maps - rather use make -C /var/yp.

I don't have a complete answer to your question, but try ypmatch [user] passwd and see if that matches the change to [user]'s password hash on the master's /etc/shadow. Run ypwhich -m to see which master the maps refer to. I assume you're only running one server as a master (if not, you need to see which server any particular client is consulting by running ypwhich on the client); are you also running ypbind on the master? What is the output of ypcat ypservers? Every server, all the masters and slaves, should be listed there.

R.

ypcat, ypwhich, ypmatch all shows correct output, what i have found out is that i had to change in nsswitch to use compact for passwd and group entries...and to do the following on the client's files:/etc/passwd

/etc/passwd
The following entry should be added to the end of the file. A "+" followed by six ":"s
+::::::
/etc/group
The following entry should be added to the end of the file. A "+" followed by three ":"s
+:::
/etc/shadow
The following entry should be added to the end of the file. A "+" followed by eight ":"s
+::::::::

can someone confirm if this is required so NIS client knows to read the passwd,group,shadow files for auth during login process?

and whats the difference with runnning make -C /var/yp or running make inside the var/yp is what i normally do?

How do i restrict access to example a user call nistest from logging into to a specific NIS client? Do i need to do something like the +:: stuff?? And will i normally use hosts.deny to restrict certain host access to NIS by restricting portmapd or is it better to use the securenets file?can someone pls give me some examples of restricting user and host access to NIS pls?

that is for NIS+ not NIS

I have battled this issue my self a while ago.
You need to have the yppasswdd deamon running on the NIS server (observe the double d).
Have you checked the NIS server version of the map using the command ypcat
Most likely the server password is updated.

You list the server setting of /etc/nsswitch.conf, what are the settings on the client?
Are the client configured to lookup the password via NIS or is it still looking at the local files?